Log user approval/rejection in application logs

43630ae3 · Serena Fang · James Lopez · 13f7c2f3 · 43630ae3 · 43630ae3
Commit 43630ae3 authored Jan 29, 2021 by Serena Fang Committed by James Lopez Jan 29, 2021
5 changed files
--- a/app/services/users/approve_service.rb
+++ b/app/services/users/approve_service.rb
@@ -17,6 +17,7 @@ module Users
        user.accept_pending_invitations! if user.active_for_authentication?
        DeviseMailer.user_admin_approval(user).deliver_later
+        log_event(user)
        after_approve_hook(user)
        success(message: 'Success', http_status: :created)
      else
@@ -39,6 +40,10 @@ module Users
    def approval_required?(user)
      user.blocked_pending_approval?
    end
+    def log_event(user)
+      Gitlab::AppLogger.info(message: "User instance access request approved", user: "#{user.username}", email: "#{user.email}", approved_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
+    end
  end
 end

--- a/app/services/users/reject_service.rb
+++ b/app/services/users/reject_service.rb
@@ -16,6 +16,8 @@ module Users
      NotificationService.new.user_admin_rejection(user.name, user.email)
+      log_event(user)
      success
    end
@@ -30,6 +32,10 @@ module Users
    def after_reject_hook(user)
      # overridden by EE module
    end
+    def log_event(user)
+      Gitlab::AppLogger.info(message: "User instance access request rejected", user: "#{user.username}", email: "#{user.email}", rejected_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
+    end
  end
 end

--- a/changelogs/unreleased/298783-log-user-instance-request-in-audit-events.yml
+++ b/changelogs/unreleased/298783-log-user-instance-request-in-audit-events.yml
+---
+title: Log user approval/rejection in application logs
+merge_request: 51768
+author:
+type: added
--- a/spec/services/users/approve_service_spec.rb
+++ b/spec/services/users/approve_service_spec.rb
@@ -61,6 +61,14 @@ RSpec.describe Users::ApproveService do
          expect(user.reload).to be_active
        end
+        it 'logs approval in application logs' do
+          allow(Gitlab::AppLogger).to receive(:info)
+          subject
+          expect(Gitlab::AppLogger).to have_received(:info).with(message: "User instance access request approved", user: "#{user.username}", email: "#{user.email}", approved_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
+        end
        it 'emails the user on approval' do
          expect(DeviseMailer).to receive(:user_admin_approval).with(user).and_call_original
          expect { subject }.to have_enqueued_mail(DeviseMailer, :user_admin_approval)

--- a/spec/services/users/reject_service_spec.rb
+++ b/spec/services/users/reject_service_spec.rb
@@ -48,6 +48,14 @@ RSpec.describe Users::RejectService do
          subject
        end
+        it 'logs rejection in application logs' do
+          allow(Gitlab::AppLogger).to receive(:info)
+          subject
+          expect(Gitlab::AppLogger).to have_received(:info).with(message: "User instance access request rejected", user: "#{user.username}", email: "#{user.email}", rejected_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
+        end
      end
    end